Latest Computer Threat Could Be Worst Yet

Grant Aiding Push for Defenses Against 'Reactively Adaptive' Malware

May 20, 2010

The next looming threat to your computer is more insidious than anything experts have seen in the past, says a UT Dallas computer scientist.

Dr. Kevin Hamlen is referring to a form of malicious software, or malware, that he calls “reactively adaptive.” And although the threat is still hypothetical, he and his colleagues caution that unless adequate defenses are developed soon, reactively adaptive malware could one day roam the Internet with impunity, producing potentially disastrous consequences.

“Today's malware mutates randomly in order to avoid detection, but reactively adaptive malware is more intelligent, learning and adapting to new computer defenses on the fly,” said Hamlen, an assistant professor of computer science in the University’s Erik Jonsson School of Engineering and Computer Science.

“What we’ve realized is that the same technology that goes into antivirus software could be turned on its head to make some viruses nearly unstoppable,” he added. “It’s a serious concern.”

He and his colleague Dr. Latifur Khan, a data-mining expert, have received a $450,000 grant from the U.S. Air Force to study the potential threat and develop ways to stop such malicious software.

Reactively adaptive malware uses the same algorithms that antivirus software uses to detect viruses, but the malware deploys those algorithms to outwit antivirus defenses and go undetected. The UT Dallas team’s work, which is just getting under way, envisions using data-mining techniques to more quickly update the databases employed by antivirus software so that they can adapt even faster than such malware can mutate.

Hamlen’s team includes Mehedy Masud, a recent UT Dallas PhD recipient and now a postdoctoral fellow, as well as Dr. Bhavani Thuraisingham, director of the University’s Cyber Security Research Center.

“This project addresses one of the major security challenges we face today,” Thuraisingham said.

Pentagon Intrusion Could Be Precursor

Last November CBS’s 60 Minutes reported on what one expert called the most significant cyber intrusion ever publicly acknowledged by the Pentagon, a breach that may have been caused by software similar to the reactively adaptive malware that Dr. Kevin Hamlen’s UT Dallas team is addressing.